Download and Install the Iptables Service
To begin your server’s transition, you need to download and install the iptables-service package from the CentOS repositories. Download and install the service files by typing:
sudo yum install iptables-services
This will download and install the systemd scripts used to manage the iptables service. It will also write some default iptables and ip6tables configuration files to the /etc/sysconfig directory.
Construct your Iptables Firewall Rules
Next, you need to construct your iptables firewall rules by modifying the /etc/sysconfig/iptables and /etc/sysconfig/ip6tables files. These files hold the rules that will be read and applied when we start the iptables service.
How you construct your firewall rules depends on whether the system-config-firewall process is installed and being used to manage these files. Check the top of the /etc/sysconfig/iptables file to see whether it recommends against manual editing or not:
sudo head -2 /etc/sysconfig/iptables
If the output looks like this, feel free to manually edit the /etc/sysconfig/iptables and /etc/sysconfig/ip6tables files to implement the policies for your iptables firewall:
output # sample configuration for iptables service # you can edit this manually or use system-config-firewall
Open and edit the files with sudo privileges to add your rules:
sudo nano /etc/sysconfig/iptables sudo nano /etc/sysconfig/ip6tables
After you’ve made your rules, you can test your IPv4 and IPv6 rules using these commands:
sudo sh -c 'iptables-restore -t < /etc/sysconfig/iptables' sudo sh -c 'ip6tables-restore -t < /etc/sysconfig/ip6tables'
If, on the other hand, the output from examining the /etc/sysconfig/iptables file looks like this, you should not manually edit the file: Continue reading “Disable FirewallD and Enable Iptables on CentOS 7” »